?
Solved

Can't ssh from PC to openSuse11.4 (x86_64)

Posted on 2011-10-11
1
Medium Priority
?
522 Views
Last Modified: 2012-05-12
I can ping to/from PC/Linux-box. After SUSE installation ssh was not running so I started it.

linux-0wkq:/etc/rc.d # /etc/rc.d/sshd
Usage: /etc/rc.d/sshd {start|stop|status|try-restart|restart|force-reload|reload|probe}
linux-0wkq:/etc/rc.d # /etc/rc.d/sshd start
Generating /etc/ssh/ssh_host_key.
Generating public/private rsa1 key pair.
Your identification has been saved in /etc/ssh/ssh_host_key.
Your public key has been saved in /etc/ssh/ssh_host_key.pub.
The key fingerprint is:
5a:27:6f:b9:20:ca:1a:6e:e2:69:b9:3d:a9:6c:2a:79 root@linux-0wkq
The key's randomart image is:
+--[RSA1 1024]----+
|                 |
|                 |
|                 |
|                 |
|        S .      |
|       o + .     |
| .o . o . +      |
|==E= . . o .     |
|BX=o+     .      |
+-----------------+
Generating /etc/ssh/ssh_host_dsa_key.
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
b7:6f:a5:e3:b8:7e:04:13:30:7d:4f:2d:7a:3a:7d:91 root@linux-0wkq
The key's randomart image is:
+--[ DSA 1024]----+
|        oo     . |
|         .o . o .|
|           o + ..|
|          o . oE |
|        S .o +  .|
|         . .+ o .|
|          .. + . |
|           o=    |
|         .+=o.   |
+-----------------+
Generating /etc/ssh/ssh_host_rsa_key.
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
3e:04:8a:e4:fd:a3:da:7a:1d:d6:27:bf:e1:6c:f1:70 root@linux-0wkq
The key's randomart image is:
+--[ RSA 1024]----+
|                 |
|                 |
|  .   .          |
| o o . .         |
|  o o  .S        |
|     .ooo + E    |
|     oo.o+.=     |
|   ..... +o..    |
|  o+o    .+.     |
+-----------------+
Generating /etc/ssh/ssh_host_ecdsa_key.
Generating public/private ecdsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_ecdsa_key.
Your public key has been saved in /etc/ssh/ssh_host_ecdsa_key.pub.
The key fingerprint is:
26:f0:1f:03:44:db:a3:9c:32:e5:8f:d8:25:83:66:56 root@linux-0wkq
The key's randomart image is:
+--[ECDSA  256]---+
|     .o          |
|     . o         |
|    . E o        |
|     O + .       |
|    B X S        |
|   + = X o       |
|    . o o        |
|                 |
|                 |
+-----------------+
Starting SSH daemon                                                                                                               done
linux-0wkq:/etc/rc.d #


linux-0wkq:/etc/ssh # ps -ef |grep sshd
man      18521 16324  0 14:36 pts/0    00:00:00 man sshd
root     18568     1  0 14:39 ?        00:00:00 /usr/sbin/sshd -o PidFile=/var/run/sshd.init.pid
root     18579 16324  0 14:43 pts/0    00:00:00 grep sshd

Now I can ssh to myself on the LinuxBox
linux-0wkq:/etc # ssh 192.168.0.5
The authenticity of host '192.168.0.5 (192.168.0.5)' can't be established.
ECDSA key fingerprint is 26:f0:1f:03:44:db:a3:9c:32:e5:8f:d8:25:83:66:56.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '192.168.0.5' (ECDSA) to the list of known hosts.
Password:
Have a lot of fun...
linux-0wkq:~ #

And I can ssh from LinuxBox to it's own loopback

linux-0wkq:~ # ssh 127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
ECDSA key fingerprint is 26:f0:1f:03:44:db:a3:9c:32:e5:8f:d8:25:83:66:56.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.
Password:
Last login: Tue Oct 11 15:06:44 2011 from 192.168.0.5
Have a lot of fun...
linux-0wkq:~ #




From PC I am using putty to try and ssh to machine but it just timesout with no network connection. Is it possibly because the openSUSE installation is using IPv6??


linux-0wkq:/etc # cat hosts
#
# hosts         This file describes a number of hostname-to-address
#               mappings for the TCP/IP subsystem.  It is mostly
#               used at boot time, when no name servers are running.
#               On small systems, this file can be used instead of a
#               "named" name server.
# Syntax:
#    
# IP-Address  Full-Qualified-Hostname  Short-Hostname
#

127.0.0.1       localhost

# special IPv6 addresses
::1             localhost ipv6-localhost ipv6-loopback

fe00::0         ipv6-localnet

ff00::0         ipv6-mcastprefix
ff02::1         ipv6-allnodes
ff02::2         ipv6-allrouters
ff02::3         ipv6-allhosts
127.0.0.2       linux-0wkq.site linux-0wkq
linux-0wkq:/etc #

linux-0wkq:/etc # cat HOSTNAME
linux-0wkq.site
linux-0wkq:/etc #


linux-0wkq:/etc # ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:14:22:5B:23:BC  
          inet addr:192.168.0.5  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::214:22ff:fe5b:23bc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1492  Metric:1
          RX packets:70274 errors:0 dropped:0 overruns:0 frame:0
          TX packets:61502 errors:0 dropped:0 overruns:0 carrier:0
          collisions:34 txqueuelen:1000
          RX bytes:72330618 (68.9 Mb)  TX bytes:9163154 (8.7 Mb)
          Interrupt:16

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:740 errors:0 dropped:0 overruns:0 frame:0
          TX packets:740 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:83153 (81.2 Kb)  TX bytes:83153 (81.2 Kb)

linux-0wkq:/etc #

Here is the sshd config file


linux-0wkq:/etc/ssh # cat sshd_config
#      $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile      .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
# in this release. The use of 'gssapi' is deprecated due to the presence of
# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
#GSSAPIEnableMITMAttack no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem      sftp      /usr/lib64/ssh/sftp-server

# This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL

# Example of overriding settings on a per-user basis
#Match User anoncvs
#      X11Forwarding no
#      AllowTcpForwarding no
#      ForceCommand cvs server
linux-0wkq:






linux-0wkq:/etc # ssh 192.168.0.5
Password:
Last login: Tue Oct 11 14:57:38 2011 from 192.168.0.5
Have a lot of fun...
linux-0wkq:~ #



0
Comment
Question by:Link
1 Comment
 
LVL 5

Accepted Solution

by:
hvillanu earned 2000 total points
ID: 36951811
Hi,

By default the Ehernet interfases aren't assigned on any "zones".
You neeed to review in the firewall if the interface as assigned to zone (internal/external/dmz) and open the port 22
Use Yast to do this.
-regards-
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We all know how boring and exhausting it is to transfer huge web projects developed locally to a webserver simply via FTP. The File Transfer Protocol is a really nice solution if you need to transfer small amounts of files, but if you're plannin…
Secure Shell (SSH) is a network protocol for secure data communication, mainly used to administer remote Unix / Linux servers via command line. But it also allows the user to open a secure tunnel between a client and a server where he can send any k…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
Suggested Courses
Course of the Month14 days, 7 hours left to enroll

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question